SSAE 22 was issued a couple years ago, back in December 2020, to supersede AT-C section 210 with three primary changes:
- More clearly describing the type of procedures that may be performed in a review engagement.
- Revising reporting requirements for an attestation review to provide additional transparency.
- Alignment with Statement on Standards for Accounting and Review Services No. 25, Materiality in a Review of Financial Statements and Adverse Conclusions, permits the expression of an adverse conclusion.
Description of the procedures a practitioner may perform in a review engagement:
The practitioner is now required to identify areas which a material misstatement could arise, and design and perform procedures to obtain reasonable / limited assurance to support the overall report conclusion, even if it is not a standard analytical test. Some additional permitted testing procedures include:
- Analytical procedures
- Inspection
- Observation
- Confirmation
- Recalculation
- Reperformance
Requirement that the practitioner’s report include an informative summary of the work performed as a basis for the practitioner’s conclusion
There is now an additional requirement that requires practitioners to describe in some (not necessarily much..) detail how they reached their conclusions. The AICPA set the bar for this statement at “the procedures we performed were based on or professional judgment and consisted primarily of analytical procedures and inquiries” but allows for something more detailed. But, if not required it is unlikely many firms will go beyond.
Permission of the expression of an adverse review conclusion
As of SSAE 22, practitioner’s are now required to express an adverse conclusion should they identify sufficient evidence to conclude misstatements, individually or in the aggregate, are both material and pervasive to the subject matter.
What does it all mean? Does it matter?
For most company’s getting an audit done, not so much. These are primarily changes that auditors need to implement for their practices and really only are applicable to service organizations in the event findings are uncovered.
